Koel: Difference between revisions

From FlowerHouseWiki
No edit summary
 
(29 intermediate revisions by the same user not shown)
Line 13: Line 13:
__TOC__
__TOC__
== Basic Setup ==
== Basic Setup ==
=== NGINX ===
<p>Install required packages</p>
<p>Install NGINX and NGINX-Extra</p>
<syntaxhighlight lang="console">apt install nginx ffmpeg</syntaxhighlight>
<syntaxhighlight lang="console">apt install nginx nginx-extras</syntaxhighlight>
=== PHP7.4 ===
<p>Deactivate Standard-Site (no Web-Server)</p>
<p>Install required packages</p>
<syntaxhighlight lang="console">unlink /etc/nginx/sites-enabled/default</syntaxhighlight>
<syntaxhighlight lang="console">apt -y install lsb-release apt-transport-https ca-certificates</syntaxhighlight>
<p>Create and paste [[reverse-proxy.conf]]</p>
<p>Add repository</p>
<syntaxhighlight lang="console" line>cd /etc/nginx/sites-available
<syntaxhighlight lang="console" line>
nano reverse-proxy.conf</syntaxhighlight>
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
</syntaxhighlight>
<p>Update packages</p>
<syntaxhighlight lang="console">apt update && apt upgrade</syntaxhighlight>
<p>Install PHP7.4</p>
<syntaxhighlight lang="console">apt install php7.4-{cli,fpm,json,common,mysql,sqlite,zip,gd,mbstring,curl,xml,bcmath,tokenizer} openssl</syntaxhighlight>
<p>Check if everything is running correctly</p>
<syntaxhighlight lang="console">systemctl status php7.4-fpm nginx</syntaxhighlight>
<p>Edit php.ini</p>
<syntaxhighlight lang="console">nano /etc/php/7.4/fpm/php.ini</syntaxhighlight>
<p>Find <code>memory_limit</code> and change it to</p>
<syntaxhighlight lang="console">memory_limit = 512M</syntaxhighlight>
<p>Find <code>upload_max_filesize</code> and change it to</p>
<syntaxhighlight lang="console">upload_max_filesize = 512M</syntaxhighlight>
<p>Find <code>post_max_size</code> and change it to</p>
<syntaxhighlight lang="console">post_max_size = 512M</syntaxhighlight>
<p>Restart php service</p>
<syntaxhighlight lang="console">systemctl restart php7.4-fpm</syntaxhighlight>
 
== NGINX ==
<p>Remove default config file</p>
<syntaxhighlight lang="console">rm /etc/nginx/sites-enabled/default</syntaxhighlight>
<p>Create config file and paste from [[Koel.conf]]</p>
<syntaxhighlight lang="console">nano /etc/nginx/sites-available/koel.conf</syntaxhighlight>
<p>Activate configuration</p>
<p>Activate configuration</p>
<syntaxhighlight lang="console">ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf</syntaxhighlight>
<syntaxhighlight lang="console">ln -s /etc/nginx/sites-available/koel.conf /etc/nginx/sites-enabled/</syntaxhighlight>
<p>Check if configuration is legit</p>
<p>Open nginx.conf</p>
<syntaxhighlight lang="console">nano /etc/nginx/nginx.conf</syntaxhighlight>
<p>Add following line in the <code>http</code> section to increase upload limit</p>
<syntaxhighlight lang="console">client_max_body_size 512M;</syntaxhighlight>
<p>Check if configuration is working</p>
<syntaxhighlight lang="console">nginx -t</syntaxhighlight>
<syntaxhighlight lang="console">nginx -t</syntaxhighlight>
<p>Reload configuration</p>
<p>Reload nginx to apply configuration</p>
<syntaxhighlight lang="console">nginx -s reload</syntaxhighlight>
<syntaxhighlight lang="console">systemctl reload nginx.service</syntaxhighlight>
 
=== certbot ===
<p>Install Certbot</p>
<syntaxhighlight lang="console">apt install certbot</syntaxhighlight>
<p>Download [https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py acme-dns-auth.py]-Script</p>
<syntaxhighlight lang="console">wget https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py</syntaxhighlight><p>Change first line of script from <code>#!/usr/bin/env python</code> to</p>
<syntaxhighlight lang="console">#!/usr/bin/env python3</syntaxhighlight>
<p>Move file to <code>/etc/letsencrypt/</code></p>
<syntaxhighlight lang="console">mv acme-dns-auth.py /etc/letsencrypt/</syntaxhighlight>
<p>Set permissions to run script</p>
<syntaxhighlight lang="console">chmod +x acme-dns-auth.py</syntaxhighlight>
<p><strong>Generate certificate manually</strong></p>
<p>Wildcard-Certificate</p>
<syntaxhighlight lang="console">certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \*.flowerhouse.at</syntaxhighlight>
<p>Sub-Domain-Certificate</p>
<syntaxhighlight lang="console">certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d subdomain.flowerhouse.at</syntaxhighlight>
<p>Follow the questions of the script and create an cname-record.</p>
<p>Path to all certificates:</p>
<syntaxhighlight lang="console">cd /etc/letsencrypt/live/</syntaxhighlight>
<p>Test manually if certificate renewal works</p>
<syntaxhighlight lang="console">certbot renew --dry-run</syntaxhighlight>
Check if auto-renewal ist activated</p>
<syntaxhighlight lang="console">systemctl list-timers</syntaxhighlight>
 
== Authelia ==
For security reasons and convenience, the login portal Authelia will be installed.
 
==== Redis-Server ====
<p>Install Redis with the following command:</p>
<syntaxhighlight lang="console">apt install redis-server</syntaxhighlight>


<p>After installing Redis, start redis service and enable it to start after system reboot with the following command:</p>
== Composer ==
<p>Download install script</p>
<syntaxhighlight lang="console">php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"</syntaxhighlight>
<p>Install composer</p>
<syntaxhighlight lang="console">php composer-setup.php</syntaxhighlight>
<p>Remove script</p>
<syntaxhighlight lang="console">php -r "unlink('composer-setup.php');"</syntaxhighlight>
<p>Move composer to another path</p>
<syntaxhighlight lang="console">mv composer.phar /usr/local/bin/composer</syntaxhighlight>
== Koel ==
<p>Download Koel</p>
<syntaxhighlight lang="console" line>
<syntaxhighlight lang="console" line>
systemctl start redis-server
cd /var/www
systemctl enable redis-server
wget https://github.com/koel/koel/releases/download/v5.1.5/koel-v5.1.5.tar.gz
</syntaxhighlight>
</syntaxhighlight>
 
<p>Untar Koel</p>
<p>Verify the status of the redis server:</p>
<syntaxhighlight lang="console" line>
<syntaxhighlight lang="console">
tar -zxvf koel-v5.1.5.tar.gz
systemctl status redis-server
rm koel-v5.1.5.tar.gz
</syntaxhighlight>
</syntaxhighlight>
 
<p>Create .env-file from template: [https://github.com/koel/koel/blob/master/.env.example .env.example] and add database information</p>
<p>By default, Redis listening on the localhost on port 6379. You can check it with the following command:</p>
<syntaxhighlight lang="console" line>
<syntaxhighlight lang="console">
cd koel
ps -ef | grep redis
nano .env
</syntaxhighlight>
</syntaxhighlight>
 
<p>Find ffmpeg path with <code>whereis ffmpeg</code> for transcoding and set it</p>
==== SMTP-Server ====
<p>Install <syntaxhighlight lang="console" inline>mailutils</syntaxhighlight> and <syntaxhighlight lang="console" inline>postfix</syntaxhighlight>:</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
apt install mailutils postfix
FFMPEG_PATH=/usr/bin/ffmpeg
</syntaxhighlight>
</syntaxhighlight>
 
<p>Set following line in config for reverse proxy (not accessible via IP after setting it)</p>
<p>Test if SMTP-Server is working:</p>
<syntaxhighlight lang="console">FORCE_HTTPS=true</syntaxhighlight>
<syntaxhighlight lang="console">
<p>Setup composer</p>
echo "This is the body of the email" | mail -s "This is the subject line" your_email_address
<syntaxhighlight lang="console">composer install</syntaxhighlight>
<p>Initialise Koel</p>
<syntaxhighlight lang="console">php artisan koel:init --no-assets</syntaxhighlight>
<p>Give rights to www-data user</p>
<syntaxhighlight lang="console" line>
chown -R www-data:www-data /var/www/koel
chmod -R 777 /var/www/koel/storage/
</syntaxhighlight>
</syntaxhighlight>
 
<p>Default admin account:</p>
=== Installation ===
<p>Download, unzip and rename latest Authelia archive:</p>
<syntaxhighlight lang="console" line>
<syntaxhighlight lang="console" line>
cd /usr/bin
Username: admin@koel.dev
wget https://github.com/authelia/authelia/releases/download/v4.26.2/authelia-linux-amd64.tar.gz
Password: KoelIsCool
tar -xzf authelia-linux-amd64.tar.gz
rm authelia-linux-amd64.tar.gz
mv ./authelia-linux-amd64 ./authelia
</syntaxhighlight>
</syntaxhighlight>


<p>After unzipping, the service file <syntaxhighlight lang="console" inline>authelia.service</syntaxhighlight> has to be moved:</p>
== NFS-Share ==
<p>Install required packages for nfs-share:</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
mv authelia.service /etc/systemd/system/
apt install nfs-common nfs4-acl-tools
</syntaxhighlight>
</syntaxhighlight>


<p>Create folder for the authelia configuration file:</p>
<p>Mount the nfs-share (NAS) to the data folder where all the user files will be stored</p>
<syntaxhighlight lang="console" line>
<syntaxhighlight lang="console" line>
mkdir /etc/authelia
mkdir /media/audio
cd /etc/authelia
mount -t nfs 192.168.88.5:/mnt/zpool1/Musik /media/audio
</syntaxhighlight>
</syntaxhighlight>


<p>Move the unzipped file <syntaxhighlight lang="console" inline>config.template.yml</syntaxhighlight> to the created folder:</p>
<p>Edit fstab to mount at boot:</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
mv config.template.yml /etc/authelia/
nano /etc/fstab
</syntaxhighlight>
 
==== [[users_database.yml]] ====
<p>Create ''[[users_database.yml]]'' in the folder <syntaxhighlight lang="console" inline>/etc/authelia/</syntaxhighlight>:</p>
<syntaxhighlight lang="console">
nano users_database.yml
</syntaxhighlight>
 
<p>An user entry looks like this:</p>
<syntaxhighlight lang="yaml" line>
john:
    displayname: "John Doe"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
    email: john.doe@authelia.com
    groups:
      - admins
      - dev
</syntaxhighlight>
</syntaxhighlight>


<p>The password is encrypted so we have to get the hash value with:</p>
<p>Add following line at the end of file:</p>
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
authelia hash-password 'yourpassword'
192.168.88.5:/mnt/zpool1/Musik /media/audio nfs defaults 0 0
</syntaxhighlight>
 
==== [[configuration.yml]] ====
<p>Create ''[[configuration.yml]]'' at the same folder:</p>
<syntaxhighlight lang="console" line>
nano configuration.yml
</syntaxhighlight>
</syntaxhighlight>
<p>Start authelia and check status:</p>
<syntaxhighlight lang="console" line>
systemctl start authelia
systemctl status authelia
</syntaxhighlight>
LATEST STATE:
* https://www.authelia.com/docs/configuration/access-control.html
* https://www.authelia.com/docs/configuration/authentication/file.html


== Sources ==
== Sources ==
* [https://www.nginx.com/ NGINX] (ReverseProxy)
* [https://docs.koel.dev/#using-a-pre-compiled-archive Koel]
* [https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-dns-validation-with-acme-dns-certbot-on-ubuntu-18-04 DigitalOcean] (LetsEncrypt)
* [https://certbot.eff.org/ certbot] (Certificates)
* [https://www.authelia.com/ Authelia] (Login-Portal)
* [https://www.howtoforge.com/install-and-secure-redis-server-on-debian-10/ Redis-Server]
* [https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-debian-9 DigitalOcean] (SMTP-Server)

Latest revision as of 22:16, 2 August 2021

Koel-LXC
Koel.png

Network

IP: 192.168.88.17
MAC: BE:7E:92:49:2D:AC

System

OS: Debian Buster
Files: Koel.conf
RAM: 1024MB
Cores: 1
Privileged: Yes

Koel is reachable under 192.168.88.17 which is located in the ServerVLAN.

Basic Setup

Install required packages

apt install nginx ffmpeg

PHP7.4

Install required packages

apt -y install lsb-release apt-transport-https ca-certificates

Add repository

wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list

Update packages

apt update && apt upgrade

Install PHP7.4

apt install php7.4-{cli,fpm,json,common,mysql,sqlite,zip,gd,mbstring,curl,xml,bcmath,tokenizer} openssl

Check if everything is running correctly

systemctl status php7.4-fpm nginx

Edit php.ini

nano /etc/php/7.4/fpm/php.ini

Find memory_limit and change it to

memory_limit = 512M

Find upload_max_filesize and change it to

upload_max_filesize = 512M

Find post_max_size and change it to

post_max_size = 512M

Restart php service

systemctl restart php7.4-fpm

NGINX

Remove default config file

rm /etc/nginx/sites-enabled/default

Create config file and paste from Koel.conf

nano /etc/nginx/sites-available/koel.conf

Activate configuration

ln -s /etc/nginx/sites-available/koel.conf /etc/nginx/sites-enabled/

Open nginx.conf

nano /etc/nginx/nginx.conf

Add following line in the http section to increase upload limit

client_max_body_size 512M;

Check if configuration is working

nginx -t

Reload nginx to apply configuration

systemctl reload nginx.service

Composer

Download install script

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

Install composer

php composer-setup.php

Remove script

php -r "unlink('composer-setup.php');"

Move composer to another path

mv composer.phar /usr/local/bin/composer

Koel

Download Koel

cd /var/www
wget https://github.com/koel/koel/releases/download/v5.1.5/koel-v5.1.5.tar.gz

Untar Koel

tar -zxvf koel-v5.1.5.tar.gz
rm koel-v5.1.5.tar.gz

Create .env-file from template: .env.example and add database information

cd koel
nano .env

Find ffmpeg path with whereis ffmpeg for transcoding and set it

FFMPEG_PATH=/usr/bin/ffmpeg

Set following line in config for reverse proxy (not accessible via IP after setting it)

FORCE_HTTPS=true

Setup composer

composer install

Initialise Koel

php artisan koel:init --no-assets

Give rights to www-data user

chown -R www-data:www-data /var/www/koel
chmod -R 777 /var/www/koel/storage/

Default admin account:

Username: admin@koel.dev
Password: KoelIsCool

NFS-Share

Install required packages for nfs-share:

apt install nfs-common nfs4-acl-tools

Mount the nfs-share (NAS) to the data folder where all the user files will be stored

mkdir /media/audio
mount -t nfs 192.168.88.5:/mnt/zpool1/Musik /media/audio

Edit fstab to mount at boot:

nano /etc/fstab

Add following line at the end of file:

192.168.88.5:/mnt/zpool1/Musik /media/audio nfs defaults 0 0

Sources

Retrieved from "https://wiki.flowerhouse.at/index.php?title=Koel&oldid=674"